What responsibility does Degree Wellness have for compliance with policies, procedures, and documentation requirements under 42 U.S.C. § 17931 of the HITECH Act?
Degree_Wellness Franchise · 2025 FDDAnswer from 2025 FDD Document
Business Associate and Covered Entity agree to take such action as is necessary to amend this Agreement from time to time to enable the Parties to comply with the requirements of HIPAA, the HIPAA Regulations and the HITECH Act.
The provisions of this Agreement shall be interpreted as broadly as necessary to implement and comply with HIPAA, the HIPAA Regulations, the HITECH Act, the Privacy Rule and the Security Rule.
To the extent that Covered Entity determines that such examination is necessary to comply with Covered Entity's legal obligation pursuant to HIPAA, the HIPAA Regulations, and the HITECH Act, Covered Entity or its authorized agents or contractors may, at Covered Entity's expense, examine Business Associate's facilities, systems, procedures (including but not limited to review of training procedures for Business Associate's staff) and records as may be necessary for such agents or contractors to certify to Covered Entity the extent to which Business Associate's security safeguards comply with HIPAA, the HIPAA Regulations, the HITECH Act, and this Agreement.
If either Party (the "Non-Breaching Party") knows of a pattern of activity or practice of the other Party (the "Breaching Party") that constitutes a material breach or violation of the Breaching Party's obligations under this Agreement, the Non-Breaching Party shall either (i) terminate this Agreement in accordance with Section 5(c) above, or (ii) take reasonable steps to cure the breach or end the violation.
Source: Item 23 — Receipts (FDD pages 66–257)
What This Means (2025 FDD)
According to Degree Wellness's 2025 Franchise Disclosure Document, the relationship between the franchisee (Business Associate) and Degree Wellness (Covered Entity) involves mutual obligations regarding compliance with the HITECH Act. While the franchisee is ultimately responsible for safeguarding Protected Health Information (PHI), Degree Wellness also has responsibilities to ensure compliance.
Degree Wellness, as the Covered Entity, can examine the franchisee's facilities, systems, procedures, and records to certify the extent to which their security safeguards comply with HIPAA, the HIPAA Regulations, and the HITECH Act. This examination is at Degree Wellness's expense and is conducted to comply with their legal obligations. The agreement between the parties should be interpreted as broadly as necessary to comply with the HITECH Act, and any ambiguities should be resolved in favor of compliance.
Furthermore, both Degree Wellness and the franchisee are expected to amend their agreement as necessary to comply with the HITECH Act. If Degree Wellness knows of a pattern of activity by the franchisee that constitutes a material breach of their obligations under the agreement, Degree Wellness must provide written notice and attempt to resolve the issue. This indicates that Degree Wellness has an active role in monitoring and addressing potential compliance issues related to the HITECH Act.